Overview
A ContentKeeper server must access the ContentKeeper DataCenter in order to
retrieve its hourly updates. A ContentKeeper server connects to the DataCenter via
the HTTP protocol, in the same way that a browser connects to the Internet. It is
common to use a proxy server when connecting the ContentKeeper Management to
the Internet.
In cases where a proxy server requires authentication, a bypass must be configured for
the ContentKeeper Management port. This document describes how a bypass may be
configured on a dual homed Microsoft ISA server.
Document Revision B
Date: 5th May 2003
Integrating ContentKeeper
Version 117.9 of ContentKeeper cannot negotiate authentication on outgoing HTTP
requests. An example of this is an HTTP proxy server that requires authentication.
This means that if you configure ContentKeeper to use an HTTP proxy server that
requires authentication, ContentKeeper will not be able to authenticate, and therefore
fail to register with the DataCenter for its hourly updates.
The solution is to enable a bypass for the ContentKeeper Management Port within the
proxy server, or to bypass the proxy server all together. Bypassing an ISA server all
together is only possible when the ISA server is not the gateway device.
Planning Considerations
When planning to enable a bypass for the ContentKeeper Management Port within an
ISA server, there are a number items to consider. Each item and the repercussions of
changing its configuration should be examined.
The following items will be affected by enabling a bypass for the ContentKeeper
Management Port within the ISA server:
This document has been designed for use with an ISA Server configured
with two or more network interface cards.
Protocol Rules (The Protocol Rules must be updated to enable the
management port to access the DataCenter.)
Site and Content Rules (The Site and Content Rules must be updated to
enable the management port to access the DataCenter.)
Technical Support
ContentKeeper Technologies recognise the need to provide world-class support to our
global customers and have put in place a technical support infrastructure to ensure
that technical support calls are recorded and responded to in a timely manner.
Our helpdesk technicians are ContentKeeper product specialists with extensive
background in networking at both infrastructure and systems level. This allows most
support calls to be resolved quickly, usually on the first call. Should additional
assistance be required, our technicians also have access to network specialists as well
as to the ContentKeeper development team and are willing to work with you to
resolve any problems.
ContentKeeper Technical Support Contact Details
ContentKeeper Technologies
218 Northbourne Avenue
Braddon ACT 2612
Australia
PH +61-2-62614950
Fax +61-2-62579801
support@ContentKeeper.com
www.ContentKeeper.com
Procedure Overview
The following is an overview of the procedure involved in enabling a bypass for the
ContentKeeper Management Port within the ISA Server:
1. Create a new Client Address Set
The new Client Address Set will allow the ISA Server to uniquely identify
ContentKeeper by the Management Port IP address.
2. Create a new Protocol Rule
The new Protocol rule will allow TCP/IP traffic of a specified type that
originates at the ContentKeeper server to traverse the ISA Server.
3. Create a new Site and Content rule
The new Site and Content rule will allow ContentKeeper to retrieve updates
from the DataCenter uninhibited.
4
The full procedure for enabling a bypass within a Microsoft ISA Server is outlined in
the following pages.
This document has been designed for use with an ISA Server configured with two or
more network interface cards.
For more Information regarding ContentKeeper and the DataCenter refer to the
ContentKeeper Administration Guide.
2.
3.
4.
5.
6.
7.
Right-click Client Address Sets, point to New, and then click Set.
In Name, type ContentKeeper.
(Optional) In Description, type a description for the set.
Click Add.
In From, type the IP address of the ContentKeeper Management port.
In To, type the IP address of the ContentKeeper Management port then click
Ok.
8. Click Ok to finish.
2.
3.
4.
5.
6.
7.
2.
3.
4.
5.
6.
7.
8.
9.
Right-click Site and Content Rules, point to New, and then click Rule.
In the New Site and Content Rule Wizard, type a name for the new rule.
In Name, type ContentKeeper.
Select a Custom rule configuration.
Select All Destinations .
Choose a schedule of Always.
Choose Specific computers (client address sets).
Click Add and highlight the ContentKeeper address set, then click Add
followed by Ok.
10. Specify Any Content Type.
11. Click Finish.
2. In the details pane, right-click HTTP redirector filter and select Properties.
3. On the Options tab, click Send to requested web server.
4. Click Ok to finish.
1. In the console tree of ISA Management, locate Protocol Rules and Site and
Content Filters .
o Internet Security and Acceleration Server
o Servers and Arrays
o Name
o Network Configuration
o Protocol Rules
o Site and Content Rules
2. Determine whether or not the existing Protocol Rules and Site and Content
Filters affect the Management Port IP address.
3. Exclude the ContentKeeper Management Port from any of the existing
Protocol Rules and Site and Content Filters that affect the Management Port
using the following method:
a. View the Properties of each of the existing Protocol Rules and Site
and Content Filters.
b. Under each Rule or Filter, select the Applies To tab.
c. Click the Add button next to the Exceptions field.
d. Add the ContentKeeper Client Address Set.
e. Apply any changes.
10
Restart
Restart the Microsoft ISA Server Proxy and Firewall services or restart the server if
possible.
View the Microsoft ISA Server Proxy and Firewall services in the following location:
o Internet Security and Acceleration Server
o Servers and Arrays
o Name
o Monitoring
o Services
Stop and then start the by right clicking on each service and selecting Stop and then
Start.
Configure ContentKeeper
As the Microsoft ISA Server has been configured to send requests directly to the
requested web server, ContentKeeper will not be connecting to the proxy server. Use
the following method to ensure that ContentKeeper is not configured to use a proxy
server.
To access the ContentKeeper Web Interface, use an Internet browser to browse to
the IP address of the Management Port.
For more Information regarding ContentKeeper and the DataCenter refer to the
ContentKeeper Administration Guide.
11